<div>There are a few issues with creating a lucid container, then adding the updates and security repositories.</div><div><br></div><div>If you add them later, you'll get problems that prevent your container from fully starting if you upgrade the following:</div>
<div><div> mountall (2.14 => 2.15.3) and</div><div> ifupdown (0.6.8ubuntu29 => 0.6.8ubuntu29.2)</div><div><br></div><div>mountall will override &lt;container&gt;/lib/init/fstab to look like:</div></div><div>>>></div>
<blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><font class="Apple-style-span" face="'courier new', monospace"># /lib/init/fstab: static file system information.<br>
</font><font class="Apple-style-span" face="'courier new', monospace">#<br></font><font class="Apple-style-span" face="'courier new', monospace"># These are the filesystems that are always mounted on boot, you can<br>
</font><font class="Apple-style-span" face="'courier new', monospace"># override any of these by copying the appropriate line from this file into<br></font><font class="Apple-style-span" face="'courier new', monospace"># /etc/fstab and tweaking it as you see fit. See fstab(5).<br>
</font><font class="Apple-style-span" face="'courier new', monospace">#<br></font><font class="Apple-style-span" face="'courier new', monospace"># &lt;file system&gt; &lt;mount point&gt; &lt;type&gt; &lt;options&gt; &lt;dump&gt; &lt;pass&gt;<br>
</font><font class="Apple-style-span" face="'courier new', monospace">/dev/root / rootfs defaults 0 1<br></font><font class="Apple-style-span" face="'courier new', monospace">none /proc proc nodev,noexec,nosuid 0 0<br>
</font><font class="Apple-style-span" face="'courier new', monospace">none /proc/sys/fs/binfmt_misc binfmt_misc nodev,noexec,nosuid,optional 0 0<br></font><font class="Apple-style-span" face="'courier new', monospace">none /sys sysfs nodev,noexec,nosuid 0 0<br>
</font><font class="Apple-style-span" face="'courier new', monospace">none /sys/fs/fuse/connections fusectl optional 0 0<br></font><font class="Apple-style-span" face="'courier new', monospace">none /sys/kernel/debug debugfs optional 0 0<br>
</font><font class="Apple-style-span" face="'courier new', monospace">none /sys/kernel/security securityfs optional 0 0<br></font><font class="Apple-style-span" face="'courier new', monospace">none /spu spufs gid=spu,optional 0 0<br>
</font><font class="Apple-style-span" face="'courier new', monospace">none /dev devtmpfs,tmpfs mode=0755 0 0<br></font><font class="Apple-style-span" face="'courier new', monospace">none /dev/pts devpts noexec,nosuid,gid=tty,mode=0620 0 0<br>
</font><font class="Apple-style-span" face="'courier new', monospace">none /dev/shm tmpfs nosuid,nodev 0 0<br></font><font class="Apple-style-span" face="'courier new', monospace">none /tmp none defaults 0 0<br>
</font><font class="Apple-style-span" face="'courier new', monospace">none /var/run tmpfs mode=0755,nosuid,showthrough 0 0<br></font><font class="Apple-style-span" face="'courier new', monospace">none /var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0</font><div>
<div><div><font class="Apple-style-span" face="'courier new', monospace">none /lib/init/rw tmpfs mode=0755,nosuid,optional 0 0</font></div></div></div></blockquote><div><div>>>></div><div><br></div><div>Instead of:</div></div><div>>>></div>
<blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><div><div><div><font class="Apple-style-span" face="'courier new', monospace"># /lib/init/fstab: lxc system fstab</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace">none /spu spufs gid=spu,optional 0 0</font></div><div><font class="Apple-style-span" face="'courier new', monospace">none /tmp none defaults 0 0</font></div>
<div><font class="Apple-style-span" face="'courier new', monospace">none /var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0</font></div><div><font class="Apple-style-span" face="'courier new', monospace">none /lib/init/rw tmpfs mode=0755,nosuid,optional 0 0</font></div>
</div></div></blockquote><div>>>></div><div><br></div><div>I note that other versions of Ubuntu don't seem to require this stripped-down /lib/init/fstab, can anyone explain why?</div><div><br></div><div>If you replace it with the old version, you'll be good to go, but...</div>
<div>ifupdown has these changes (though I don't quite understand why they're an issue, seems like they should just work..):</div><div>>>></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
<div><div><font class="Apple-style-span" face="'courier new', monospace">diff -u -r ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface-security.upstart ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface-security.upstart</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">--- ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface-security.upstart 2010-02-20 17:30:21.000000000 +1300</font></div></div>
<div><div><font class="Apple-style-span" face="'courier new', monospace">+++ ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface-security.upstart 2011-01-05 07:48:34.000000000 +1300</font></div></div><div><div>
<font class="Apple-style-span" face="'courier new', monospace">@@ -13,14 +13,22 @@</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> or starting network-manager</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> or starting networking)</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> </font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">+# In order to handle the lack of upstart feature LP: #568860, we need to</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+# run multiple times, for each of the above "starting" service instances, or</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">+# else another one might run while we're running, and not wait for us to</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+# finish.</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">+instance $JOB${INTERFACE:+/}${INTERFACE:-}</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> # Since we need these profiles to be loaded before any of the above services</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> # begin running, this service must be a pre-start so that its pre-start</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> # script finishes before the above services' start scripts begin.</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> pre-start script</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">+ [ -f /var/run/network-interface-security ] && exit 0 # already ran</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> [ -d /rofs/etc/apparmor.d ] && exit 0 # do not load on liveCD</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> [ -d /sys/module/apparmor ] || exit 0 # do not load without AppArmor</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> [ -x /sbin/apparmor_parser ] || exit 0 # do not load without parser</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> for link in /etc/apparmor/init/network-interface-security/* ; do</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> [ -L $link ] && /sbin/apparmor_parser -r -W $link || true</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> done</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+ > /var/run/network-interface-security</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> end script</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">diff -u -r ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface.upstart ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface.upstart</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">--- ifupdown-0.6.8ubuntu29/debian/ifupdown.network-interface.upstart 2010-02-20 17:30:21.000000000 +1300</font></div></div><div><div>
<font class="Apple-style-span" face="'courier new', monospace">+++ ifupdown-0.6.8ubuntu29.2/debian/ifupdown.network-interface.upstart 2011-01-05 07:48:34.000000000 +1300</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">@@ -10,8 +10,15 @@</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> stop on net-device-removed INTERFACE=$INTERFACE</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> </font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> instance $INTERFACE</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+export INTERFACE</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> </font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> pre-start script</font></div></div>
<div><div><font class="Apple-style-span" face="'courier new', monospace">+ if [ "$INTERFACE" = lo ]; then</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+ # bring this up even if /etc/network/interfaces is broken</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">+ ifconfig lo 127.0.0.1 up || true</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+ initctl emit -n net-device-up \</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">+ IFACE=lo LOGICAL=lo ADDRFAM=inet METHOD=loopback || true</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+ fi</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> mkdir -p /var/run/network</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> exec ifup --allow auto $INTERFACE</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> end script</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">diff -u -r ifupdown-0.6.8ubuntu29/debian/ifupdown.upstart.if-up ifupdown-0.6.8ubuntu29.2/debian/ifupdown.upstart.if-up</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">--- ifupdown-0.6.8ubuntu29/debian/ifupdown.upstart.if-up 2010-02-20 17:30:21.000000000 +1300</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+++ ifupdown-0.6.8ubuntu29.2/debian/ifupdown.upstart.if-up 2010-07-23 00:59:07.000000000 +1200</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">@@ -2,6 +2,10 @@</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> </font></div></div>
<div><div><font class="Apple-style-span" face="'courier new', monospace"> set -e</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> </font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+if [ "$IFACE" = lo ]; then</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">+ exit 0 # emission handled by /etc/init/network-interface.conf</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace">+fi</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">+</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> initctl emit -n net-device-up \</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace"> "IFACE=$IFACE" \</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"> "LOGICAL=$LOGICAL" \</font></div>
</div></blockquote><div>>>></div><div><br></div><div>If you comment out the additions to /etc/network/if-up.d/upstart like so:</div><div>>>></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
<div><div><font class="Apple-style-span" face="'courier new', monospace">#if [ "$IFACE" = lo ]; then</font></div></div><div><div><font class="Apple-style-span" face="'courier new', monospace"># exit 0 # emission handled by /etc/init/network-interface.conf</font></div>
</div><div><div><font class="Apple-style-span" face="'courier new', monospace">#fi</font></div></div></blockquote><div>>>></div><div><br></div><div>Then your lxc will start again, but I'd really prefer not to have to do it every time I create a lucid container.</div>
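<div><br></div><div>Review bot: In ifupdown.network-interface-security.upstart, the new guard <font face="'courier new', monospace">[ -f /var/run/network-interface-security ] &amp;&amp; exit 0</font> at the top of pre-start is only safe if /var/run is emptied on every boot. Where /var/run is not a fresh tmpfs (the stripped-down lxc fstab quoted earlier has no /var/run line), a marker left over from a previous boot makes the job exit before any AppArmor profile is loaded. The marker is also written after a loop whose parser calls end in <font face="'courier new', monospace">|| true</font>, so a failed load is recorded as done. Suggest stating the tmpfs dependency in the comment block and writing the marker only when the profile loads succeeded.</div>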
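<div><br></div><div>Review bot: In ifupdown.network-interface.upstart, the added lo branch emits net-device-up whether or not <font face="'courier new', monospace">ifconfig lo 127.0.0.1 up</font> succeeded, because both commands end in <font face="'courier new', monospace">|| true</font>, and it does so before <font face="'courier new', monospace">exec ifup --allow auto $INTERFACE</font> has run. Jobs that start on net-device-up IFACE=lo can therefore run while loopback is still down. Suggest chaining the emit to the ifconfig result and noting in the comment that the address is hard-coded rather than read from /etc/network/interfaces.</div>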
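<div><br></div><div>Review bot: In ifupdown.upstart.if-up, the early <font face="'courier new', monospace">exit 0</font> for IFACE=lo makes the loopback net-device-up event depend entirely on /etc/init/network-interface.conf having run for lo, and nothing in this script checks that it did. The message reports that a lucid container only starts again once these three lines are commented out, which is the behaviour to expect if that job never runs for lo. Suggest stating the dependency in the comment and keeping the emit here as a fallback when the network-interface job for lo has not run.</div>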
<div><br></div><div>Is there a good solution for these issues? Is the solution to modify the debootstrap template, or does it lie elsewhere?</div><div><br></div><div>Cheers,</div><div><br></div><div>Elliot Pahl</div><div>
<br>--<br>Elliot Pahl<br><a href="mailto:elliot.pahl@gmail.com" target="_blank">elliot.pahl@gmail.com</a><div><br></div><br>
</div>
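<div>The two workarounds described in the message (restoring the stripped-down /lib/init/fstab and commenting out the lo exit in /etc/network/if-up.d/upstart), as an added shell example that is not part of the original post or of lxc. The function names, the backup suffix and passing the container rootfs as the first argument are assumptions.</div>

```shell
#!/bin/sh
# Added example, not from the original message: re-apply both workarounds
# to a container root filesystem after mountall and ifupdown are upgraded.
# Assumption: the rootfs directory is passed as the first argument.

# True when <rootfs>/lib/init/fstab mounts /proc, /sys or /dev itself,
# i.e. it is the host-style file installed by the mountall upgrade.
fstab_needs_fix() {
    grep -Eq '^[^#[:space:]]+[[:space:]]+/(proc|sys|dev)[[:space:]]' \
        "$1/lib/init/fstab" 2>/dev/null
}

# Put back the stripped-down lxc fstab quoted in the message; keep a backup.
restore_lxc_fstab() {
    f="$1/lib/init/fstab"
    cp -p "$f" "$f.mountall-upgrade.bak"
    cat > "$f" <<'EOF'
# /lib/init/fstab: lxc system fstab
none /spu spufs gid=spu,optional 0 0
none /tmp none defaults 0 0
none /var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0
none /lib/init/rw tmpfs mode=0755,nosuid,optional 0 0
EOF
}

# Comment out the "lo" early exit that ifupdown 0.6.8ubuntu29.2 added to
# if-up.d/upstart. Rewrites in place so the executable bit is preserved.
disable_lo_guard() {
    f="$1/etc/network/if-up.d/upstart"
    sed '/^if \[ "\$IFACE" = lo ]; then$/,/^fi$/ s/^/#/' "$f" > "$f.tmp" &&
        cat "$f.tmp" > "$f" && rm -f "$f.tmp"
}

# Apply each workaround only when its trigger is present (safe to re-run).
fix_container() {
    if fstab_needs_fix "$1"; then restore_lxc_fstab "$1"; fi
    if grep -q '^if \[ "\$IFACE" = lo ]; then$' \
        "$1/etc/network/if-up.d/upstart" 2>/dev/null; then
        disable_lo_guard "$1"
    fi
}

if [ $# -gt 0 ]; then fix_container "$1"; fi
```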